Windows update not possible, various redirects in the browser...

#0
19.10.2010, 11:37
...new here

Posts: 4
#1 Hello dear experts,
a short summary of my problems...:
Last week I noticed a broken admin account on my Vista machine. I was able to fix it again (found instructions on the net). But I have no idea whether that is related to the following things.
By now IE no longer starts, Firefox starts only as admin, and I can no longer run Windows Update (error message 80072EFE). On top of that there are now also various redirects on pages opened from Google, and even pages that open by themselves...
I downloaded Kaspersky PURE as a trial version and scanned, but without success; afterwards I created the rescue CD from AntiVir, scanned, and found and deleted 6 Java entries in the temp files. However, this had no effect on the problems listed above.
So, now the HijackThis entry:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:09, on 19.10.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18444)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\sttray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtblfs.exe
C:\Program Files\SpeedProject\SpeedCommander 10\SpeedCommander.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=6070426
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=6070426
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer bereitgestellt von Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-2220789123-478904379-3072460713-1001\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Standard')
O4 - HKUS\S-1-5-21-2220789123-478904379-3072460713-1001\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 (User 'Standard')
O4 - HKUS\S-1-5-21-2220789123-478904379-3072460713-1001\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Standard')
O4 - HKUS\S-1-5-21-2220789123-478904379-3072460713-1001\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray (User 'Standard')
O4 - HKUS\S-1-5-18\..\Run: [Google Update] "C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Google Update] "C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User 'Default user')
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O13 - Gopher Prefix:
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - http://game.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky PURE (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
O23 - Service: Verwaltungsservice vom CryproStorage-System (CSObjectsSrv) - Infowatch - C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7437 bytes
Next, the OTL text and Extra file:

OTL logfile created on: 19.10.2010 11:04:58 - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Standard\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99,70 Gb Total Space | 30,79 Gb Free Space | 30,88% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,24 Gb Free Space | 62,39% Space Free | Partition Type: NTFS
Drive E: | 75,66 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: JOSHUA | User Name: Wolfgang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\Standard\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Kaspersky Lab\Kaspersky PURE\klwtblfs.exe (Kaspersky Lab)
PRC - C:\Programme\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Infowatch)
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\sttray.exe (SigmaTel, Inc.)
PRC - C:\Programme\SpeedProject\SpeedCommander 10\SpeedCommander.exe (SWE Sven Ritter)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Users\Standard\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (nosGetPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab)
SRV - (CSObjectsSrv) -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Infowatch)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (upperdev) -- C:\Windows\System32\DRIVERS\usbser_lowerflt.sys File not found
DRV - (SBRE) -- C:\Windows\System32\drivers\SBREdrv.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (CSCrySec) -- C:\Windows\system32\DRIVERS\CSCrySec.sys (Infowatch)
DRV - (CSVirtualDiskDrv) -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys (Infowatch)
DRV - (KLBG) -- C:\Windows\system32\DRIVERS\klbg.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (acehlp10) -- C:\Windows\System32\drivers\acehlp10.sys (Protect Software GmbH)
DRV - (acedrv10) -- C:\Windows\System32\drivers\ACEDRV10.sys (Protect Software GmbH)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (s125mgmt) Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s125mgmt.sys (MCCI Corporation)
DRV - (s125obex) -- C:\Windows\System32\drivers\s125obex.sys (MCCI Corporation)
DRV - (s125mdm) -- C:\Windows\System32\drivers\s125mdm.sys (MCCI Corporation)
DRV - (s125mdfl) -- C:\Windows\System32\drivers\s125mdfl.sys (MCCI Corporation)
DRV - (s125bus) Sony Ericsson Device 125 driver (WDM) -- C:\Windows\System32\drivers\s125bus.sys (MCCI Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=6070426
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=6070426
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.192
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.08.09 20:26:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.10.05 19:49:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.19 07:49:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.10 15:27:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.10.05 19:49:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky PURE\THBExt [2010.10.18 13:09:10 | 000,000,000 | ---D | M]

[2010.10.19 07:49:52 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua\AppData\Roaming\mozilla\Extensions
[2010.10.19 08:02:59 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua\AppData\Roaming\mozilla\Firefox\Profiles\5lww4ysg.default\extensions
[2010.10.19 08:02:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Wolfgang.Joshua\AppData\Roaming\mozilla\Firefox\Profiles\5lww4ysg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.19 07:49:52 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2007.11.18 15:20:48 | 000,000,000 | ---D | M] (AdVantage) -- C:\Programme\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}
[2010.10.18 13:17:31 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky PURE\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game.zylom.com/activex/zylomgamesplayer.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky PURE\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky PURE\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.10.17 14:50:13 | 000,000,052 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2010.10.17 14:50:11 | 000,000,071 | R--- | M] () - E:\AUTORUN_USB.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: dvdpsync - (C:\Windows\system32\clicmrt.dll) - C:\Windows\System32\clicmrt.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010.10.19 10:44:06 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang.Joshua\Documents\Oberon Media
[2010.10.19 08:06:04 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang.Joshua\AppData\Local\Adobe
[2010.10.19 07:49:42 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang.Joshua\AppData\Roaming\Mozilla
[2010.10.19 07:49:42 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang.Joshua\AppData\Local\Mozilla
[2010.10.18 20:58:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.10.18 17:26:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Sunbelt
[2010.10.18 13:09:22 | 000,088,632 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSCrySec.sys
[2010.10.18 13:09:22 | 000,039,352 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys
[2010.10.18 13:08:16 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\InfoWatch
[2010.10.18 13:08:15 | 000,000,000 | ---D | C] -- C:\Programme\Kaspersky Lab
[2010.10.18 13:08:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010.10.18 13:07:27 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010.10.18 13:00:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010.10.18 08:41:20 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.10.15 10:55:14 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.10.15 10:55:14 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.10.15 10:55:14 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.10.15 10:55:14 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.10.15 10:55:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.10.15 10:04:27 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010.10.15 10:03:13 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.10.15 10:02:58 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010.10.15 10:02:23 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010.10.15 10:02:19 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010.10.15 10:02:19 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010.10.15 10:00:50 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.10.15 10:00:48 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.10.15 09:54:07 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang.Joshua\AppData\Roaming\PC Suite
[2010.10.15 09:48:47 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang.Joshua\AppData\Roaming\Adobe
[2010.10.15 09:47:35 | 000,000,000 | R--D | C] -- C:\Users\Wolfgang.Joshua\Searches
[2010.10.15 09:47:15 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang.Joshua\AppData\Roaming\Identities
[2010.10.15 09:47:08 | 000,000,000 | R--D | C] -- C:\Users\Wolfgang.Joshua\Contacts
[2010.10.15 09:46:59 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang.Joshua\AppData\Local\VirtualStore
[2010.10.15 09:46:58 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang.Joshua\AppData\Roaming\TuneUp Software
[2010.10.15 09:46:50 | 000,000,000 | -HSD | C] -- C:\Users\Wolfgang.Joshua\Vorlagen
[2010.10.15 09:46:50 | 000,000,000 | -HSD | C] -- C:\Users\Wolfgang.Joshua\AppData\Local\Verlauf
[2010.10.15 09:46:50 | 000,000,000 | -HSD | C] -- C:\Users\Wolfgang.Joshua\AppData\Local\Temporary Internet Files
[2010.10.15 09:46:50 | 000,000,000 | -HSD | C] -- C:\Users\Wolfgang.Joshua\Startmenü
[2010.10.15 09:46:50 | 000,000,000 | -HSD | C] -- C:\Users\Wolfgang.Joshua\SendTo
[2010.10.15 09:46:50 | 000,000,000 | -HSD | C] -- C:\Users\Wolfgang.Joshua\Recent
[2010.10.15 09:46:50 | 000,000,000 | -HSD | C] -- C:\Users\Wolfgang.Joshua\Netzwerkumgebung
[2010.10.15 09:46:50 | 000,000,000 | -HSD | C] -- C:\Users\Wolfgang.Joshua\Lokale Einstellungen
[2010.10.15 09:46:50 | 000,000,000 | -HSD | C] -- C:\Users\Wolfgang.Joshua\Documents\Eigene Videos
[2010.10.15 09:46:50 | 000,000,000 | -HSD | C] -- C:\Users\Wolfgang.Joshua\Documents\Eigene Musik
[2010.10.15 09:46:50 | 000,000,000 | -HSD | C] -- C:\Users\Wolfgang.Joshua\Eigene Dateien
[2010.10.15 09:46:50 | 000,000,000 | -HSD | C] -- C:\Users\Wolfgang.Joshua\Documents\Eigene Bilder
[2010.10.15 09:46:50 | 000,000,000 | -HSD | C] -- C:\Users\Wolfgang.Joshua\Druckumgebung
[2010.10.15 09:46:50 | 000,000,000 | -HSD | C] -- C:\Users\Wolfgang.Joshua\Cookies
[2010.10.15 09:46:50 | 000,000,000 | -HSD | C] -- C:\Users\Wolfgang.Joshua\AppData\Local\Anwendungsdaten
[2010.10.15 09:46:50 | 000,000,000 | -HSD | C] -- C:\Users\Wolfgang.Joshua\Anwendungsdaten
[2010.10.15 09:46:48 | 000,000,000 | --SD | C] -- C:\Users\Wolfgang.Joshua\AppData\Roaming\Microsoft
[2010.10.15 09:46:48 | 000,000,000 | R--D | C] -- C:\Users\Wolfgang.Joshua\Videos
[2010.10.15 09:46:48 | 000,000,000 | R--D | C] -- C:\Users\Wolfgang.Joshua\Saved Games
[2010.10.15 09:46:48 | 000,000,000 | R--D | C] -- C:\Users\Wolfgang.Joshua\Pictures
[2010.10.15 09:46:48 | 000,000,000 | R--D | C] -- C:\Users\Wolfgang.Joshua\Music
[2010.10.15 09:46:48 | 000,000,000 | R--D | C] -- C:\Users\Wolfgang.Joshua\Links
[2010.10.15 09:46:48 | 000,000,000 | R--D | C] -- C:\Users\Wolfgang.Joshua\Favorites
[2010.10.15 09:46:48 | 000,000,000 | R--D | C] -- C:\Users\Wolfgang.Joshua\Downloads
[2010.10.15 09:46:48 | 000,000,000 | R--D | C] -- C:\Users\Wolfgang.Joshua\Documents
[2010.10.15 09:46:48 | 000,000,000 | R--D | C] -- C:\Users\Wolfgang.Joshua\Desktop
[2010.10.15 09:46:48 | 000,000,000 | -H-D | C] -- C:\Users\Wolfgang.Joshua\AppData
[2010.10.15 09:46:48 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang.Joshua\AppData\Local\Temp
[2010.10.15 09:46:48 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang.Joshua\AppData\Local\Microsoft
[2010.10.15 09:46:48 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang.Joshua\AppData\Roaming\Media Center Programs
[2010.10.15 09:46:48 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang.Joshua\AppData\Roaming\Macromedia
[2010.10.15 09:46:48 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang.Joshua\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.15 09:46:48 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang.Joshua\Documents\DVDVideoSoft
[2010.10.11 22:15:13 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
[2010.10.11 22:15:13 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DVDVideoSoft
[2010.10.10 15:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.10.10 15:27:49 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.10.10 15:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\rentenluecke
[2010.10.10 15:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\META-INF
[2010.10.10 15:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\com
[2010.10.05 19:47:50 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2010.10.05 19:47:00 | 000,000,000 | ---D | C] -- C:\Programme\PC Connectivity Solution
[2010.10.03 17:13:37 | 000,000,000 | ---D | C] -- C:\Programme\Skybox Live! 3.0
[2010.10.02 13:47:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.10.02 13:47:17 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2009.03.10 23:00:20 | 000,061,984 | ---- | C] (Martin Pesch) -- C:\Programme\mp3DirectCut.exe
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.10.19 11:08:02 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8A449F14-AC96-44D1-97A9-3C4C75199DAD}.job
[2010.10.19 11:04:26 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.19 11:04:23 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.10.19 11:00:00 | 000,001,172 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-18UA.job
[2010.10.19 10:59:00 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8B064243-A5B6-4219-86F7-5D7CF3E2AFC6}.job
[2010.10.19 10:47:33 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.19 10:47:33 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.19 10:47:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.19 10:47:04 | 3219,591,168 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.19 10:45:49 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.10.19 07:51:11 | 000,672,608 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.19 07:51:11 | 000,633,908 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.19 07:51:11 | 000,145,818 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.19 07:51:11 | 000,120,534 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.19 07:43:05 | 000,380,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.10.18 21:18:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.18 20:38:27 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2AACFABE-3B33-4DAF-B213-B138ADF0F46B}.job
[2010.10.18 20:30:03 | 000,013,166 | ---- | M] () -- C:\Users\Wolfgang.Joshua\AppData\Roaming\nvModes.dat
[2010.10.18 20:30:03 | 000,013,166 | ---- | M] () -- C:\Users\Wolfgang.Joshua\AppData\Roaming\nvModes.001
[2010.10.18 14:00:04 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-18Core.job
[2010.10.18 13:27:28 | 000,113,933 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010.10.18 13:27:28 | 000,097,549 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010.10.18 13:07:27 | 000,311,312 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010.10.18 08:41:55 | 000,049,152 | -H-- | M] () -- C:\Windows\System32\clicmrt.dll
[2010.10.15 10:55:25 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.10.11 22:15:20 | 000,001,034 | ---- | M] () -- C:\Users\Wolfgang.Joshua\Desktop\DVDVideoSoft Free Studio.lnk
[2010.10.05 19:52:40 | 000,001,930 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Ovi Suite.lnk
[2010.10.03 17:13:38 | 000,000,789 | ---- | M] () -- C:\Users\Public\Desktop\Skybox Live! 3.0.lnk
[2010.09.28 20:18:39 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.09.20 11:25:01 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.10.18 13:55:28 | 000,001,172 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-18UA.job
[2010.10.18 13:55:24 | 000,001,120 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-18Core.job
[2010.10.18 13:17:06 | 000,113,933 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010.10.18 13:17:06 | 000,097,549 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010.10.18 08:41:55 | 000,049,152 | -H-- | C] () -- C:\Windows\System32\clicmrt.dll
[2010.10.15 10:55:25 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.10.15 09:54:10 | 000,013,166 | ---- | C] () -- C:\Users\Wolfgang.Joshua\AppData\Roaming\nvModes.001
[2010.10.15 09:54:06 | 000,013,166 | ---- | C] () -- C:\Users\Wolfgang.Joshua\AppData\Roaming\nvModes.dat
[2010.10.15 09:49:44 | 000,000,428 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{2AACFABE-3B33-4DAF-B213-B138ADF0F46B}.job
[2010.10.15 09:46:48 | 000,001,034 | ---- | C] () -- C:\Users\Wolfgang.Joshua\Desktop\DVDVideoSoft Free Studio.lnk
[2010.10.15 09:45:56 | 3219,591,168 | -HS- | C] () -- C:\hiberfil.sys
[2010.10.10 15:23:44 | 000,072,802 | ---- | C] () -- C:\ProgramData\Rentenlueckenrechner.jar
[2010.10.05 19:52:40 | 000,001,930 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Ovi Suite.lnk
[2010.10.03 17:13:38 | 000,000,789 | ---- | C] () -- C:\Users\Public\Desktop\Skybox Live! 3.0.lnk
[2010.09.28 20:18:39 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.03.28 11:59:57 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.03.28 11:59:57 | 000,000,008 | RHS- | C] () -- C:\ProgramData\CB031D1D89.sys
[2009.12.16 11:23:14 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.12.11 09:37:49 | 000,116,736 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.12.11 09:37:39 | 000,094,274 | ---- | C] () -- C:\Windows\System32\HPBHEALR.DLL
[2009.06.15 19:21:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.03.10 23:00:20 | 000,025,182 | ---- | C] () -- C:\Programme\Manual.htm
[2009.03.10 23:00:20 | 000,017,985 | ---- | C] () -- C:\Programme\FAQ.htm
[2009.03.10 23:00:20 | 000,002,332 | ---- | C] () -- C:\Programme\Version.txt
[2009.03.10 23:00:20 | 000,001,672 | ---- | C] () -- C:\Programme\License.txt
[2008.08.11 20:07:06 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008.08.11 19:54:29 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2008.05.08 16:02:56 | 000,004,792 | ---- | C] () -- C:\Windows\UN060501.INI
[2007.12.16 11:25:50 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2007.12.16 11:25:49 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2007.11.18 15:16:08 | 000,685,816 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.07.22 18:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.07.02 13:39:40 | 000,013,856 | ---- | C] () -- C:\ProgramData\Svclog.log
[2007.06.25 21:34:26 | 000,070,400 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll
[2007.06.09 19:10:20 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.05.06 12:03:39 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.04.26 22:31:03 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007.04.26 22:30:55 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006.11.07 21:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.11.03 18:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.09.17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.09.17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2004.10.30 15:40:50 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2004.10.30 15:39:52 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2010.10.11 22:15:22 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.15 09:54:07 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua\AppData\Roaming\PC Suite
[2010.10.15 09:46:58 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang.Joshua\AppData\Roaming\TuneUp Software
[2010.10.19 11:04:23 | 000,000,522 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2010.10.19 11:03:22 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.10.18 20:38:27 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2AACFABE-3B33-4DAF-B213-B138ADF0F46B}.job
[2010.10.19 11:08:02 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8A449F14-AC96-44D1-97A9-3C4C75199DAD}.job
[2010.10.19 10:59:00 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8B064243-A5B6-4219-86F7-5D7CF3E2AFC6}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9AB56A06

< End of report >


OTL Extras logfile created on: 19.10.2010 11:04:59 - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Standard\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99,70 Gb Total Space | 30,79 Gb Free Space | 30,88% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,24 Gb Free Space | 62,39% Space Free | Partition Type: NTFS
Drive E: | 75,66 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: JOSHUA | User Name: Wolfgang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06CFBA6D-ACAE-4E94-9758-803089752624}" = lport=4711 | protocol=6 | dir=in | name=emule |
"{3D1702FD-4BF8-42C6-8057-13889A5623EE}" = lport=4662 | protocol=6 | dir=in | name=emule tcp |
"{4C6106D7-4DEB-4BFE-AC7F-DEE923CCDD94}" = lport=4672 | protocol=17 | dir=in | name=emule udp |
"{AFE65C0B-51B9-43A6-986D-A2614451326D}" = lport=4662 | protocol=6 | dir=in | name=emule |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A7949779-5E0B-44D7-947F-01790D37308D}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{CB544074-25FF-4B57-BE63-1F2C56D6EF0E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F20D16E4-CE2D-4770-BB1E-63B68C867B53}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"TCP Query User{0CD62905-8219-45AC-A4B3-5705E58D7165}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{2D4CE0AC-F89D-4F26-A640-C2DE742F8DF6}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{2FC0C287-1045-44CB-8743-53D9AE730752}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{315A9BED-4B07-4093-9FB2-988BBD663927}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{877F6E7A-C2E5-4017-A737-A39C5F653799}C:\program files\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare\bearshare.exe |
"TCP Query User{92AE9FAC-E75A-41B5-96D0-0E19C2B12795}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{CE482E7E-7295-474F-A53D-73F9D523279E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{EBD36FDA-D478-4F9B-B30B-2C6A6DD93A8C}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{2326E759-C432-494A-890E-AE9F7B4A7D52}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{47ADEFC3-4DAE-41CE-9A3E-AAE2D99390D4}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{4BA9EC97-27E8-4739-9E99-F8255E1DD3C0}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{722ACF70-AA13-4290-9A0B-34D50923B877}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{ADA6B793-A860-4965-8490-11E1B654CEDF}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{E52F4F9E-02E6-4FA8-97A4-7EEBEB756ACE}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{F192ED13-D020-43D5-B41D-8AB7F13C306B}C:\program files\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare\bearshare.exe |
"UDP Query User{F2611DFA-D994-44FE-8184-3F08B801AFC1}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{00C56455-3F6E-47F6-8408-9E3C5600A97D}_is1" = 3.1
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE
"{1A9DAB4D-46CD-4CBF-A9FC-28D8AA8D2FCF}" = CorelDRAW Graphics Suite X4 - Lang BR
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4
"{45DF6D99-666D-41FA-8D62-0E183B6240F3}" = PC Connectivity Solution
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{50D25574-2C48-4AEC-8FFC-32AEAD2EAEFF}" = Nokia Ovi Player
"{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}" = QuickSet
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{58F58158-8DFE-31DA-AC1F-7E5D89A0F74F}" = Google Talk Plugin
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = Benutzerhandbuch
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E65247F-58F9-41CA-BE69-0316F7907170}" = Disc2Phone
"{70B31335-50EE-4834-8431-27412CDE62BD}" = Nokia_Multimedia_Common_Components_2_5
"{749A1EDD-16C2-4C63-B013-D38F0F953973}" = OviMPlatform
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN
"{8112C6B3-91E1-4560-8AB9-876DADFA37C5}" = Ovi Desktop Sync Engine
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{93A1B09E-BAFA-4628-A5B6-921CB026955A}" = Corel Paint Shop Pro Photo XI
"{989112B0-74DB-4A40-932F-580049CD0B97}" = Visual Basic for Applications (R) Core - German
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{9D306690-3173-42CD-94C6-9EF9318AF24B}" = CorelDRAW Graphics Suite X4 - Lang FR
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A1F7C120-80F4-48B1-00B8-4E278AED8779}" = NHL07
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A6C27FFF-75EF-4B5B-A64E-F9E128994908}" = CorelDRAW Graphics Suite X4 - Lang NL
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE
"{AEM384L1-28E3-1232-1233-1JD74JDIEK32}_is1" = PDFTigerDriver
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8B4446F-87E1-4423-A47A-16832C24A199}" = Nokia Ovi Suite
"{B9242864-2841-4ADE-86E0-8F90F91B04DD}" = Logitech Gaming Software
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{C7DEE429-4C9B-4126-894F-50B4F54FF196}" = inSSIDer
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{D0160DD3-6F62-4F1E-B999-6C68D3AE7390}" = CorelDRAW Graphics Suite X4 - Lang IT
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D2827848-7D2A-4547-9AD1-C965FB3E6344}" = CorelDRAW Graphics Suite X4 - Lang ES
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}" = Nokia Software Updater
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
"{DE252510-5687-4C60-A705-C43E19F12C9D}_is1" = PDFTiger Kernel
"{E06C8E13-7A8C-434C-8548-34BC4762212D}" = Logitech Harmony Remote Software 7
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EBBB1DEF-8878-4CB8-BC0D-1196B30E7527}" = ANNO 1503
"{EE5B5B24-EEFC-4C8B-BF8B-256D705BAD89}" = Nokia Ovi Suite Software Updater
"{EFC1B35C-FFF2-41D8-A70A-CE6037F8040B}" = AGEIA PhysX v7.07.24
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem-Diagnose-Tool
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Assistant zum Anpassen des Dell-Systems
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows-Treiberpaket - Nokia Modem (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2007
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ashampoo Photo Commander 6_is1" = Ashampoo Photo Commander 6.20
"asterisk key" = Asterisk Key 10.0
"Azteca" = Azteca
"Bengal (VOLLVERSION)" = Bengal (VOLLVERSION)
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows-Treiberpaket - Nokia Modem (06/09/2010 7.01.0.7)
"eMule" = eMule
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.60
"Foto-Mosaik_is1" = Foto-Mosaik 4.1.0
"Free YouTube Download_is1" = Free YouTube Download 2.9
"FUSSBALL MANAGER 08" = FUSSBALL MANAGER 08
"HijackThis" = HijackThis 2.0.2
"InstallWIX_{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Nebel der Elfen" = Nebel der Elfen
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PDFTiger_is1" = PDFTiger
"Piraten_is1" = Piraten
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"SpeedCommander 10" = SpeedCommander 10
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UN060501" = BUFFALO NAS Navigator
"VLC media player" = VideoLAN VLC media player 0.8.6c
"WinRAR archiver" = WinRAR Archivierer
"XviD_is1" = XviD MPEG-4 Video Codec

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18.10.2010 15:02:56 | Computer Name = Joshua | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 18.10.2010 15:22:17 | Computer Name = Joshua | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel
0x47918b89, fehlerhaftes Modul ntdll.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a7a6,
Ausnahmecode 0xc000071b, Fehleroffset 0x00088ed9, Prozess-ID 0x55c, Anwendungsstartzeit
01cb6ef6f42819b3.

Error - 18.10.2010 15:24:15 | Computer Name = Joshua | Source = Application Hang | ID = 1002
Description = Programm rescue_system-common-en.exe, Version 2.0.0.3 arbeitet nicht
mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf
im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 106c Anfangszeit: 01cb6ef9ec970ffc Zeitpunkt
der Beendigung: 3549

Error - 19.10.2010 01:46:52 | Computer Name = Joshua | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 19.10.2010 01:47:53 | Computer Name = Joshua | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6001.18444, Zeitstempel
0x4b9654d8, fehlerhaftes Modul clicmrt.dll_unloaded, Version 0.0.0.0, Zeitstempel
0x4cb70d9b, Ausnahmecode 0xc0000005, Fehleroffset 0x744d1f27, Prozess-ID 0xfc0,
Anwendungsstartzeit 01cb6f5129b2666f.

Error - 19.10.2010 04:27:23 | Computer Name = Joshua | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 19.10.2010 04:39:54 | Computer Name = Joshua | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6001.18444, Zeitstempel
0x4b9654d8, fehlerhaftes Modul clicmrt.dll_unloaded, Version 0.0.0.0, Zeitstempel
0x4cb70d9b, Ausnahmecode 0xc0000005, Fehleroffset 0x71411f27, Prozess-ID 0x131c,
Anwendungsstartzeit 01cb6f69324e500c.

Error - 19.10.2010 04:42:42 | Computer Name = Joshua | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel
0x47918b89, fehlerhaftes Modul ntdll.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a7a6,
Ausnahmecode 0xc000071b, Fehleroffset 0x00088ed9, Prozess-ID 0x538, Anwendungsstartzeit
01cb6f675878432f.

Error - 19.10.2010 04:49:43 | Computer Name = Joshua | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 19.10.2010 05:03:08 | Computer Name = Joshua | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel
0x47918b89, fehlerhaftes Modul ntdll.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a7a6,
Ausnahmecode 0xc0000005, Fehleroffset 0x00046480, Prozess-ID 0x580, Anwendungsstartzeit
01cb6f6a3d4f984a.

[ System Events ]
Error - 19.10.2010 04:26:48 | Computer Name = Joshua | Source = HTTP | ID = 15016
Description =

Error - 19.10.2010 04:27:30 | Computer Name = Joshua | Source = Service Control Manager | ID = 7026
Description =

Error - 19.10.2010 04:44:56 | Computer Name = Joshua | Source = Service Control Manager | ID = 7032
Description =

Error - 19.10.2010 04:44:56 | Computer Name = Joshua | Source = Service Control Manager | ID = 7032
Description =

Error - 19.10.2010 04:45:42 | Computer Name = Joshua | Source = Service Control Manager | ID = 7006
Description =

Error - 19.10.2010 04:47:32 | Computer Name = Joshua | Source = HTTP | ID = 15016
Description =

Error - 19.10.2010 04:48:46 | Computer Name = Joshua | Source = Service Control Manager | ID = 7026
Description =

Error - 19.10.2010 04:50:47 | Computer Name = Joshua | Source = DCOM | ID = 10010
Description =

Error - 19.10.2010 05:05:22 | Computer Name = Joshua | Source = Service Control Manager | ID = 7032
Description =

Error - 19.10.2010 05:05:22 | Computer Name = Joshua | Source = Service Control Manager | ID = 7032
Description =

[ TuneUp Events ]
Error - 17.12.2009 08:03:59 | Computer Name = Joshua | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "em": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-12-17 13:03:59', '\device\harddiskvolume3\program
files\poker texas hold'em\poker3d.exe','2344',0)

Error - 18.12.2009 02:13:33 | Computer Name = Joshua | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "em": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-12-18 07:13:33', '\device\harddiskvolume3\program
files\poker texas hold'em\poker3d.exe','3044',0)

Error - 23.12.2009 14:01:52 | Computer Name = Joshua | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "em": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-12-23 19:01:52', '\device\harddiskvolume3\program
files\poker texas hold'em\poker3d.exe','1456',0)

Error - 28.01.2010 17:38:11 | Computer Name = Joshua | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "em": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-01-28 22:38:11', '\device\harddiskvolume3\program
files\poker texas hold'em\poker3d.exe','2756',0)

Error - 07.03.2010 10:14:55 | Computer Name = Joshua | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "em": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-03-07 15:14:55', '\device\harddiskvolume3\program
files\poker texas hold'em\poker3d.exe','336',0)

Error - 07.03.2010 10:15:25 | Computer Name = Joshua | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "em": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-03-07 15:15:25', '\device\harddiskvolume3\program
files\poker texas hold'em\poker3d.exe','4084',0)

Error - 24.03.2010 16:13:31 | Computer Name = Joshua | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "em": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-03-24 21:13:31', '\device\harddiskvolume3\program
files\poker texas hold'em\poker3d.exe','1512',0)

Error - 24.03.2010 16:13:57 | Computer Name = Joshua | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "em": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-03-24 21:13:57', '\device\harddiskvolume3\program
files\poker texas hold'em\poker3d.exe','2696',0)

Error - 24.03.2010 16:14:32 | Computer Name = Joshua | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "em": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-03-24 21:14:32', '\device\harddiskvolume3\program
files\poker texas hold'em\poker3d.exe','2516',0)

Error - 12.06.2010 18:02:41 | Computer Name = Joshua | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "em": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-06-13 00:02:41', '\device\harddiskvolume3\program
files\poker texas hold'em\poker3d.exe','3552',0)


< End of report >


Now I hope I have done everything more or less correctly so far, and I remain hopeful for help...

Wolfgang
19.10.2010, 12:10
Moderator

Posts: 7795
#2 Please check the file C:\Windows\System32\clicmrt.dll at Virustotal and post the link to the result.
__________
Best regards, Ralf
SEO-Spam Hunter
19.10.2010, 12:32
...new here

Thread starter

Posts: 4
#3 I hope I'm doing this right... this is the link from my browser...


http://www.virustotal.com/file-scan/report.html?id=d3cf21f839570c88b66e5a0e4c110d7f4507e7fb296f4adaa3a0786e91c922d4-1287484024

Many thanks

Wolfgang
19.10.2010, 12:57
Moderator

Posts: 7795
#4 Please run Dr.Web CureIt once and have all findings deleted. Afterwards, please post the generated report...
http://board.protecus.de/t29351.htm
__________
Best regards, Ralf
SEO-Spam Hunter
19.10.2010, 17:46
...new here

Thread starter

Posts: 4
#5 Hello Ralf,

attached is an excerpt from the log file:
=============================================================================
Dr.Web Scanner für Windows v6.00.05 (6.00.05.08310)
© Doctor Web, Ltd., 1992-2010
Log erstellt am: 2010-10-19, 13:50:48 [JOSHUA][Wolfgang]
Kommandozeile: "C:\Users\Wolfgang.Joshua\AppData\Local\Temp\FB9C4F59-22AA3838-691BBC74-81975BB8\898e5_xp.exe" /lng:de-scan /ini:setup_xp.ini /fast
Betriebssystem: Windows Vista Premium x86 (Build 6001), Service Pack 1
=============================================================================
DwShield gestartet
Engine-Version: 5.00 (5.00.2.03300)
API-Version: 2.02
Gesamtzahl der Virensignaturen: 1685237
[Selbstüberprüfung] C:\Users\Wolfgang.Joshua\AppData\Local\Temp\FB9C4F59-22AA3838-691BBC74-81975BB8\898e5_xp.exe
Lizenzschlüsseldatei: C:\Users\Wolfgang.Joshua\AppData\Local\Temp\FB9C4F59-22AA3838-691BBC74-81975BB8\setup.key
Lizenzchlüsselnummer: 0012913379
Registriert für:: An unauthorized User
Aktivierungsdatum des Lizenzschlüssels:: 2010-09-17
Ablaufdatum des Lizenzschlüssels:: 2011-03-20
Speichervorgang: System:4 - OK
Speichervorgang: C:\Windows\System32\smss.exe:528 - OK
Speichervorgang: C:\Windows\System32\csrss.exe:660 - OK
Speichervorgang: C:\Windows\System32\wininit.exe:712 - OK
Speichervorgang: C:\Windows\System32\csrss.exe:720 - OK
Speichervorgang: C:\Windows\System32\services.exe:764 - OK
Speichervorgang: C:\Windows\System32\lsass.exe:780 - OK
Speichervorgang: C:\Windows\System32\lsm.exe:788 - OK
Speichervorgang: C:\Windows\System32\winlogon.exe:812 - OK
Speichervorgang: C:\Windows\System32\svchost.exe:1012 - OK
Speichervorgang: C:\Windows\System32\svchost.exe:1104 - OK
Speichervorgang: C:\Windows\System32\svchost.exe:1152 - OK
Speichervorgang: C:\Windows\System32\Ati2evxx.exe:1224 - OK
Speichervorgang: C:\Windows\System32\svchost.exe:1272 - OK
Speichervorgang: C:\Windows\System32\svchost.exe:1364 - OK
Speichervorgang: C:\Windows\System32\audiodg.exe:1488 - OK
Speichervorgang: C:\Windows\System32\svchost.exe:1556 - OK
Speichervorgang: C:\Windows\System32\SLsvc.exe:1588 - OK
Speichervorgang: C:\Windows\System32\svchost.exe:1644 - OK
Speichervorgang: C:\Windows\System32\svchost.exe:1792 - OK
Speichervorgang: C:\Windows\System32\spoolsv.exe:1996 - OK
Speichervorgang: C:\Program Files\Avira\AntiVir Desktop\sched.exe:2028 - OK
Speichervorgang: C:\Windows\System32\svchost.exe:124 - OK
Speichervorgang: C:\Program Files\Avira\AntiVir Desktop\avguard.exe:1000 - OK
Speichervorgang: C:\Windows\System32\svchost.exe:1200 - OK
Speichervorgang: C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe:1400 - OK
Speichervorgang: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe:1024 - OK
Speichervorgang: C:\Windows\System32\svchost.exe:1392 - OK
Speichervorgang: C:\Program Files\Avira\AntiVir Desktop\avshadow.exe:1756 - OK
Speichervorgang: C:\Windows\System32\TUProgSt.exe:1844 - OK
Speichervorgang: C:\Windows\System32\svchost.exe:2092 - OK
Speichervorgang: C:\Windows\System32\drivers\XAudio.exe:2172 - OK
Speichervorgang: C:\Windows\System32\dwm.exe:3744 - OK
Speichervorgang: C:\Program Files\Windows Defender\MSASCui.exe:4020 - OK
Speichervorgang: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe:1320 - OK
Speichervorgang: C:\Windows\sttray.exe:1700 - OK
Speichervorgang: C:\Program Files\Windows Media Player\wmpnscfg.exe:2460 - OK
Speichervorgang: C:\Program Files\Windows Media Player\wmpnetwk.exe:2052 - OK
Speichervorgang: C:\Windows\System32\wbem\unsecapp.exe:2624 - OK
Speichervorgang: C:\Windows\System32\rundll32.exe:2912 - OK
Speichervorgang: C:\Program Files\Avira\AntiVir Desktop\avgnt.exe:3500 - OK
Speichervorgang: C:\Program Files\Windows Sidebar\sidebar.exe:3140 - OK
Speichervorgang: C:\Windows\ehome\ehtray.exe:3256 - OK
Speichervorgang: C:\Windows\ehome\ehmsas.exe:4016 - OK
Speichervorgang: C:\Program Files\Windows Sidebar\sidebar.exe:2348 - OK
Speichervorgang: C:\Program Files\Mozilla Firefox\firefox.exe:3476 - OK
[Speicherscannen] Speichervorgang: C:\Program Files\Mozilla Firefox\firefox.exe:2856 infiziert mit BackDoor.Tdss.565 - beseitigt
Speichervorgang: C:\Program Files\Mozilla Firefox\firefox.exe:2856 - OK
Speichervorgang: C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtblfs.exe:2996 - OK
Speichervorgang: C:\Windows\System32\wuauclt.exe:4044 - OK
Speichervorgang: C:\Program Files\Internet Explorer\ieuser.exe:2464 - OK
Speichervorgang: C:\Program Files\Internet Explorer\iexplore.exe:636 - OK
Speichervorgang: C:\Windows\explorer.exe:2364 - OK
Speichervorgang: C:\Program Files\Internet Explorer\ieuser.exe:4040 - OK
Speichervorgang: C:\Windows\System32\svchost.exe:2708 - OK
Speichervorgang: C:\Users\Standard\Desktop\37j8uuu4.exe:5372 - OK
Speichervorgang: C:\Users\Wolfgang.Joshua\AppData\Local\Temp\FB9C4F59-22AA3838-691BBC74-81975BB8\17c5a0.exe:5468 - OK
Speichervorgang: C:\Users\Wolfgang.Joshua\AppData\Local\Temp\FB9C4F59-22AA3838-691BBC74-81975BB8\898e5_xp.exe:5892 - OK
Master Boot Record HDD1 infiziert mit BackDoor.Tdss.4005
OS/2 or WinNT Boot Sector HDD1 - OK
Active OS/2 or WinNT Boot Sector HDD1 - OK

After that come endlessly many more lines, including:

C:\Windows\system32\clfs.sys - OK
C:\Windows\system32\clfsw32.dll - OK
C:\Windows\system32\clicmrt.dll infiziert mit BackDoor.Spy.649 - gelöscht
C:\Windows\system32\cliconfg.dll - OK

I first ran the normal scan, then started the full one. But I aborted that one after 2.5 hours; I'll let it run overnight.

The system works completely normally again, i.e. both browsers without problems, and Windows Update works as well... everything is fine again. At least it looks that way ;-)

Thanks again!!!

Wolfgang
19.10.2010, 17:51
Member
Gool

Posts: 4730
#6 Then you should also make sure to install the Windows updates. SP2 has been available for Vista for a long time (which makes Vista not quite so unbearable to use) - and I would also update IE to the current version.
__________
This is a signature! Personal service: Are you from Berlin? Then contact me by PM; we may be able to arrange an appointment.
Der Grabsteinschubser
19.10.2010, 18:07
...new here

Thread starter

Posts: 4
#7 Hello,

updates are already being installed. SP 2 is a good tip, I'll take care of it.

I only rolled IE back from 8 to 7 in order to narrow down the problem.
At the beginning, only IE stopped working correctly.

Wolfgang
19.10.2010, 18:39
Moderator

Posts: 7795
#8 Uh, TDSS is nasty, almost as nasty as Papras! Changing passwords is mandatory here. So, really, is reinstalling from scratch. We still need to do a TDSS check.
Please work through http://support.kaspersky.com/de/faq/?qid=207620123 and post the report, and likewise this one:
http://www.trojaner-board.de/74908-anleitung-gmer-rootkit-scanner.html
__________
Best regards, Ralf
SEO-Spam Hunter
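
A defender's triage of the Dr.Web excerpt in post #5, added here as an example (it is not part of the thread and not Dr.Web's own tooling): it extracts the `infiziert mit` lines and separates findings that carry a recorded action from those that do not. The line layout and the two action words are inferred only from the lines quoted on this page; `parse_findings`, `classify` and `unresolved` are hypothetical names.

```python
import re
from collections import namedtuple

# Lines copied from the Dr.Web excerpt in post #5 (trimmed to a few relevant ones).
SAMPLE_LOG = r"""Speichervorgang: C:\Program Files\Mozilla Firefox\firefox.exe:3476 - OK
[Speicherscannen] Speichervorgang: C:\Program Files\Mozilla Firefox\firefox.exe:2856 infiziert mit BackDoor.Tdss.565 - beseitigt
Speichervorgang: C:\Program Files\Mozilla Firefox\firefox.exe:2856 - OK
Master Boot Record HDD1 infiziert mit BackDoor.Tdss.4005
OS/2 or WinNT Boot Sector HDD1 - OK
C:\Windows\system32\clfs.sys - OK
C:\Windows\system32\clicmrt.dll infiziert mit BackDoor.Spy.649 - gelöscht
C:\Windows\system32\cliconfg.dll - OK
"""

Finding = namedtuple("Finding", "kind target threat action")

# Layout inferred from the quoted lines only (assumption):
#   [optional tag] <object> infiziert mit <threat name>[ - <action>]
INFECTED = re.compile(
    r"^(?:\[[^\]]+\]\s*)?(?P<target>.+?) infiziert mit "
    r"(?P<threat>\S+)(?:\s+-\s+(?P<action>.+))?$"
)

# Action words that appear on this page; any other value counts as unresolved.
REMEDIATED = {"beseitigt", "gelöscht"}


def classify(target):
    """Return (kind, cleaned target) for the object named in a finding."""
    if target.startswith("Speichervorgang:"):
        # Running process: keep "path:pid" without the label.
        return "memory", target.split(":", 1)[1].strip()
    if re.match(r"[A-Za-z]:\\", target):
        return "file", target
    if "Boot" in target:
        return "boot", target
    return "other", target


def parse_findings(log_text):
    """Collect every detection line; '- OK' lines and headers are skipped."""
    findings = []
    for raw in log_text.splitlines():
        m = INFECTED.match(raw.strip())
        if not m:
            continue
        kind, target = classify(m.group("target"))
        action = m.group("action")
        findings.append(
            Finding(kind, target, m.group("threat"),
                    action.strip() if action else None)
        )
    return findings


def unresolved(findings):
    """Findings with no action, or an action not known to mean 'removed'."""
    return [f for f in findings if f.action not in REMEDIATED]


if __name__ == "__main__":
    all_findings = parse_findings(SAMPLE_LOG)
    for f in all_findings:
        print(f"{f.kind:6} {f.threat:20} {f.action or 'NO ACTION LOGGED'}  {f.target}")
    print("needs follow-up:", [f.threat for f in unresolved(all_findings)])
```

On the embedded lines the only finding without a recorded action is the BackDoor.Tdss.4005 entry for the Master Boot Record.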